Role in IT decision-making process:Align Business & IT GoalsCreate IT StrategyDetermine IT NeedsManage Vendor RelationshipsEvaluate/Specify Brands or VendorsOther RoleAuthorize PurchasesNot Involved

Work Phone:

Company:

Company Size:

Industry:

Street Address

City:

Zip/postal code

State/Province:

Country:

Occasionally, we send subscribers special offers from select partners. Would you like to receive these special partner offers via e-mail?YesNo

Your registration with Eweek will include the following free email newsletter(s):News & Views

By submitting your wireless number, you agree that eWEEK, its related properties, and vendor partners providing content you view may contact you using contact center technology. Your consent is not required to view content or use site features.

By clicking on the "Register" button below, I agree that I have carefully read the Terms of Service and the Privacy Policy and I agree to be legally bound by all such terms.

WEBINAR:On-Demand

Malware threats, Facebook privacy and criminal charges all made their way into various security stories in the past week.

The week started out with another battle tied to privacy and security on Facebook, this time stemming from the social network's decision to allow applications to access users' mobile phone and address information. Facebook eventually backed down, putting the feature on hold while it institutes changes to ensure users only share information when they intend to. The company did not state exactly what those changes will be, but said they are slated to come in the next few weeks.

The FBI arrested two men in connection with an attack on the AT&T Website last year. Daniel Spitler of San Francisco and Andrew Auernheimer of Fayetteville, Ark., were charged with one count of conspiracy to access a computer without authorization and one count of fraud in connection with personal information. According to the feds, the two were involved in the theft of more than 100,000 e-mail addresses belonging to iPad 3G users last June.

Both men face a maximum penalty of five years in prison and a fine of $250,000 for each count.

Further reading

Trapster.com notified its users that the company had been attacked, potentially exposing e-mail addresses and passwords belonging to users. Trapster makes a mobile application that warns users about speed traps on the road. While the company released few details about the incident, it said the exploited security hole has been plugged.

On the malware front, researchers at Microsoft brought attention to the Bohu Trojan, which made headlines due to its targeting of cloud-based antivirus technologies. The malware was first observed in China. Once on a system, the Trojan creates and installs a number of files, modifies the registry and writes random junk data into the end of its key payload components to dodge hash-based detection used by cloud-based antivirus technologies. It also installs a Network Driver Interface Specification (NDIS) filter.

According to Microsoft, Bohu blocks access to antivirus cloud servers via a Windows Sockets service provider interface (SPI) filter that blocks network traffic between the cloud security client and server.

"The purpose of the [NDIS] driver is to prevent the antivirus client from uploading data to the server by looking for the server addresses in the IP datagram," Microsoft researchers Jingli Li and Zhitao Zhou wrote in their blog post. "The driver probes the data stream and find HTTP request keywords and cloud-server names of some of the major Chinese AV vendors, such as Kingsoft, Rising, and Qihoo. We have contacted the relevant vendors about this malware threat."

By submitting your information, you agree that eweek.com may send you eWEEK offers via email, phone and text message, as well as email offers about other products and services that eWEEK believes may be of interest to you. eWEEK will process your information in accordance with the Quinstreet Privacy Policy.

We ran into a problem

We already have your email address on file. Please use the "Forgot your password?" link to create a password, validate your email and login.